StubHub Breach Part of a Coordinated, International Cybercriminal Ring

The StubHub breach began with the lifting of user credentials

A coordinated raid involving domestic and foreign law enforcement spanning several countries has disrupted an international cyber-ring responsible for a range of data breaches, including one at eBay-owned online ticket resale service StubHub.

Law enforcement agencies are working in concert to arrest a number of professional cybercriminals, including a Russian national captured in Spain and others from the US, UK and Canada, they said today.

According to Robert Capps, an executive at RedSeal Networks and the former head of Global Trust and Safety for StubHub, his extended team at StubHub uncovered the compromise, which affected the accounts of more than 1,000 customers. From there, the breach was linked to a wider net of criminal activity involving several agencies.

“A tremendous amount of hard work and dedication from all parties is required to successfully dismantle an international criminal enterprise,” Capps said via email. “Collaboration at this scale is required to turn the tables on cyber criminals, and it should not be underestimated as to what was accomplished today. The impact of today’s events are bigger than any individual arrest.”

The StubHub breach began with the lifting of user credentials; the ring hacked into other websites and then used those details to log-in to StubHub and make purchases without the users’ permission.

“Attackers are going after administrator and employee credentials using social engineering and phishing attacks,” said Eric Chiu, founder and CEO of HyTrust, in an email to Infosecurity. “These credentials are the new 'skeleton key' and are being sold and passed around in underground crime rings, creating even greater risk to organizations because they can amplify the potential threat and damage that can be done by enabling attackers with access to escalate attacks from within. That’s what’s essentially been done here. And every person, business and government is at risk.”

Adam Kujawa, head of malware intelligence at Malwarebytes Labs, said that the situation points out a widening of scale when it comes to criminal activity on the cyber level. Gone are the days of the individual hacker setting up shop in a basement. But by that very token, criminal enterprises become more vulnerable.

“Cybercrime is not the act of a single group, but rather a large effort made by multiple factions and individuals, sometimes working together to make a profit, other times working against each other to secure a market,” he said in a comment. “You can imagine that it would take an equal effort from that of law enforcement in order to take down some of the larger threats faced by users and organizations today.”

He added, “The biggest issue the cybercrime world has is that higher level, more professional criminals will always have to deal with less professional customers at some point and in doing so risk their own security. In addition, the greed and opportunity that comes along with cybercrime puts a lot of criminals out of the more paranoid mindset and forces them to do business with less secure customers, inevitably bringing their enemy (undercover law enforcement officers) into their graces, starting a chain of events that gets them caught.”

Of course, the breach and the attack vectors bring up once again the issue of password management.

“Identity data is a target for the bad guys,” said Eric Cowperthwaite, vice president of advanced security and strategy at Core Security, in an email. “Once they’ve acquired that data, they will use it to target other systems. Since most people use the same IDs and passwords across multiple systems, this bad guy strategy has a high likelihood of success. People need to protect themselves and the companies they do business with by using unique, complex passwords on each system. It’s especially important to make sure email and financial account passwords are different.”